328
DWS-1008 User’s Manual
D-Link Systems, Inc.
Managing 802.1X
Managing 802.1X
Certain settings for IEEE 802.1X sessions on the DWS-1008 switch are enabled by default.
For best results, change the settings only if you are aware of a problem with the switch’s
802.1X performance. For settings that you can reset with a clear command, MSS reverts to
the default value.
Caution:
802.1X parameter settings are global for all SSIDs configured on the switch.
Managing 802.1X on Wired Authentication Ports
A wired authentication port is an Ethernet port that has 802.1X authentication enabled for
access control. Like wireless users, users that are connected to a switch by Ethernet wire can
be authenticated before they can be authorized to use the network. One difference between
a wired authenticated user and a
wireless
authenticated user is that data for wired users is
not encrypted after the users are authenticated.
By default, 802.1X authentication is enabled for wired authenticated ports, but you can disable
it. You can also set the port to unconditionally authorize, or unconditionally reject, all users.
Enabling and Disabling 802.1X Globally
The following command globally enables or disables 802.1X authentication on all wired
authentication ports on a DWS-1008 switch:
set dot1x authcontrol
{
enable
|
disable
}
The default setting is
enable
, which permits 802.1X authentication to occur as determined by
the
set dot1X port-control
command for each wired authentication port. The
disable
setting
forces all wired authentication ports to unconditionally authorize all 802.1X authentication
attempts by users with an EAP success message.
To reenable 802.1X authentication on wired authentication ports, type the following
command:
DWS-1008#
set dot1x authcontrol enable
success: dot1x authcontrol enabled.
Setting 802.1X Port Control
The following command specifies the way a wired authentication port or group of ports handles
user 802.1X authentication attempts:
set dot1x port-control
{
forceauth
|
forceunauth
|
auto
}
port-list
The default setting is
auto
, which allows the switch to process 802.1X authentication normally
according to the authentication configuration. Alternatively, you can set a wired authentication
port or ports to either unconditionally authenticate or unconditionally reject all users.
Summary of Contents for DWS-1008
Page 1: ......